skip to Main Content

Cybercrime, also Linux has its Cobalt Strike Beacon version

Also Linux has its Cobalt Strike Beacon version. Intezer potted the new malware in August and dubbed it Vermilion Strike. It has been actively used in attacks targeting organizations

A Cobalt Strike Beacon Linux version has been actively used in attacks targeting organizations worldwide. According to Bleeping Computer, Intezer cybersecurity experts first spotted the beacon re-implementation in August and dubbed it Vermilion Strike. It comes with the same configuration format as the official Windows beacon and can speak with all malware’ servers, but doesn’t use any code of it. Furthermore, it is detected only by few anti-virus solutions. This new Linux malware also features technical overlaps (the same functionality and command-and-control servers) with Windows DLL files hinting at the same developer. One installed in the victim’s machine, the Cobalt Strike Linyux version can change working directory, get current working directory, append/write to file, upload file to C2, execute command via popen, get disk partitions, and list files.

Back To Top